#! /usr/bin/env bash

#  Licensed to the Apache Software Foundation (ASF) under one
#  or more contributor license agreements.  See the NOTICE file
#  distributed with this work for additional information
#  regarding copyright ownership.  The ASF licenses this file
#  to you under the Apache License, Version 2.0 (the
#  "License"); you may not use this file except in compliance
#  with the License.  You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.

# test-multicert-loading: test loading large numbers of SSL certificates.

TSQA_TSXS=${TSQA_TSXS:-/opt/ats/bin/tsxs}
TSQA_TESTNAME=$(basename $0)
source $(dirname $0)/functions

bootstrap

# If Traffic Server is not up, bring it up ...
alive cop || startup || fatal unable to start Traffic Server
trap shutdown 0 EXIT

#msg unpacking the SSL certificates into \$sysconfdir/ssl.
#(
#  tarball=$(cd $(dirname $0) && pwd)/ssl-multicert-bundle.tar.bz2
#  conf=$TSQA_ROOT/$(sysconfdir)/ssl
#
#  cd $TSQA_ROOT/$(sysconfdir) && tar -xf $tarball
#)

msg updating SSL configuration paths
tsexec traffic_line -s proxy.config.ssl.server.cert.path -v $TSQA_ROOT/$(sysconfdir)/ssl
tsexec traffic_line -s proxy.config.ssl.server.multicert.filename -v $TSQA_ROOT/$(sysconfdir)/ssl/ssl_multicert.config

# XXX configure an exampe plugin that uses the TS-2437 SSL lifecycle hooks

# XXX hardcoding the ports is lame ...
PORT=9443:ssl,10443:ssl,11443:ssl

# Enable SSL and bounce Traffic Server.
tsexec traffic_line -s proxy.config.diags.action.enabled -v 1
tsexec traffic_line -s proxy.config.diags.action.tags -v test.multicert.delay

tsexec traffic_line -s proxy.config.http.server_ports -v $PORT
tsexec traffic_line -s proxy.config.diags.debug.enabled -v 1
tsexec traffic_line -s proxy.config.diags.debug.tags -v ssl

# Stash the admin port while we have traffic_server running. It won't be
# available later if traffic_server does not come back up.
admin_port=$(tsexec traffic_line -r proxy.config.process_manager.mgmt_port)

# The sleep is needed to let Traffic Server schedule the config change.
msgwait 2 to restart with SSL ports enabled
tsexec traffic_line -L

msgwait 6 for traffic_server to restart
alive server || startup || fatal unable to start Traffic Server

# XXX use the SSL lifecycle hooks in TS-2437 to verify that we loaded the
# certificates.

START=$(date +%s)

# Verify that the healthcheck comes up within about 60 seconds.
for c in $(seq 60) ; do
  curl --silent --max-time 1 -o /dev/null http://127.0.0.1:${admin_port}/synthetic.txt && exit $TSQA_FAIL
  sleep 1
done

fail unable to start traffic_server after $(( $(date +%s) - $START )) seconds
exit $TSQA_FAIL

# vim: set sw=2 ts=2 et :
